• bassy
  • New member
  • Offline
  • Registered: 2011-08-30
  • Posts: 3

Topic: Questions of malware format on vxheaven collection

I am a biginner in malware research. I look for some sample of computer viruses and worms. And here I found thousands sources which shown 72 fixed length Hexadecimal codes for each source.

I want to konw
1) why 72 fixed length ?
2) what is standard you select this part sequence in whole malware ?
3) why this part sequence could reprent the malware, is it means the sequence is key frame ?

thanks
bassy

  • crim
  • Member
  • Offline
  • Registered: 2010-03-19
  • Posts: 87
  • User Karma: 4

Re: Questions of malware format on vxheaven collection

can you give example of the string?

forum have become too shitty lately, if you need me find me at coru or dk, 10-4 over and out.

  • bassy
  • New member
  • Offline
  • Registered: 2011-08-30
  • Posts: 3

Re: Questions of malware format on vxheaven collection

BAT(42 files)
    Agent
        Worm.BAT.Agent.j
        6fb56373bde388174126fecf9143eeff 2aae6b7486224c8fd213918abc38393357fa4fc7 670
        Worm.BAT.Agent.k
        860c3bc3e5fc6a56ff6031ba46c245f6 a4e2b8c09ef4b7acd814e46ce91527405eeda980 591
        Worm.BAT.Agent.n
        51bef6dbf6a89278a3fb09e448192c79 abafe47dd56f19d0a114ed07677e6460408c5c14 7415
        Worm.BAT.Agent.o
        2e48b8e687cd2dda3ca2d6c816718e9a 72ec6cd0fde0e9b4e115e56863ecef708763eac2 308
        Worm.BAT.Agent.p
        413d6b8eb1731a9f2c06634975216ebf 82a8efbb00820adcfee8e262a8056dc6a38995b6 8272

5 samples of computer worms. thanks

  • Toku
  • Member
  • Offline
  • From: Spain
  • Registered: 2010-05-19
  • Posts: 11
  • User Karma: 6

Re: Questions of malware format on vxheaven collection

bassy wrote:

BAT(42 files)
    Agent
        Worm.BAT.Agent.j
        6fb56373bde388174126fecf9143eeff 2aae6b7486224c8fd213918abc38393357fa4fc7 670
        Worm.BAT.Agent.k
        860c3bc3e5fc6a56ff6031ba46c245f6 a4e2b8c09ef4b7acd814e46ce91527405eeda980 591
        Worm.BAT.Agent.n
        51bef6dbf6a89278a3fb09e448192c79 abafe47dd56f19d0a114ed07677e6460408c5c14 7415
        Worm.BAT.Agent.o
        2e48b8e687cd2dda3ca2d6c816718e9a 72ec6cd0fde0e9b4e115e56863ecef708763eac2 308
        Worm.BAT.Agent.p
        413d6b8eb1731a9f2c06634975216ebf 82a8efbb00820adcfee8e262a8056dc6a38995b6 8272

5 samples of computer worms. thanks


Those seems from the section of "live" viruses from VX Heavens, I think that you're looking for http://vxheavens.com/src.php wink

Regards.

[Register or log in to view the URL]

Toku's Website

  • bassy
  • New member
  • Offline
  • Registered: 2011-08-30
  • Posts: 3

Re: Questions of malware format on vxheaven collection

I known they are "live" samples, I just want to know, why they fixed by 72 length?

  • Toku
  • Member
  • Offline
  • From: Spain
  • Registered: 2010-05-19
  • Posts: 11
  • User Karma: 6

Re: Questions of malware format on vxheaven collection

They are the hashes of the live sample. The first one is the md5, the second one is the sha1 and the thirth is the file size.

[Register or log in to view the URL]

Toku's Website